Tuesday, December 11, 2018

So, you got hacked?Today's Internet is full of greedy people. Why did I say that? Do you know the most profitable way of earning money on the internet is data mining?And it's not an uncommon or unusual thing finding a malware or keylogger installed in your system to collect your data. The only way is.If malware or keylogger is installed in your system, it might be sending data to its owner's server. If you can detect what applications on your system sending and receiving data using what IP and port, then it will be easier to terminate the suspected applications and you can delete the applications from your system.I am going to use here two tools. They are Netstat and TCPView. These are very known and useful tools. Netstat simply works in console mode but if you want to experience GUI mode, you can use TCPView.Let's go ahead and see how you can use these two tools to detect malware or keylogger installed in your system.

Using Netstat To Detect Malware or Keylogger:

Netstat(Network Statics) comes pre-built in windows. This tool is used to analyze the established connections on the TCP networks. Besides this, it can show routing tables, Network protocol statics, port numbers, process ID, number of network interfaces etc.

Netstat also comes by default for other platforms i.e MacOS, Linux, Solaris, and BSD.

Let's see how to use it.

Run the command prompt as an administrator. Now you can take it in use. Type the command-

netstat ?

This command will show the options we can use to analyze different information. Now, let's see the established connections. Type the command-

netstat -a

This command will display the active connections on TCP and listening ports. This way you can know with which IPs your system is connected. You can recognize suspicious IPs using IP Lookup.

The site I added above gives maximum information it can give for free. Now see the name of the applications who creating the connections and listening ports. Use the command-

netstat -b

The command is showing the name of the applications creating connections and their IPs. Here netstat showing the protocol the applications using but if you want to see the ports along with the protocol, use the command- netstat -b -n and it will show the ports.

Terminate the suspicious Processes:

Now you got the name of the applications and their IPs. You can terminate the programs that are looking suspicious for you. Type the commandnetstat -bno

This command will show the name of the applications, their IPs, and process ID together. I don't want to put a virus on my system to demonstrate you. That's why I opened the avast browser and killed the process. Look how I did that. I put a command in the CMD to kill it.taskkill /pid 5712 /F

This command killed the avast browser process. Try it on other suspicious processes to kill them.

Using TCPView to Detect a Malware or Keylogger:

If you get bored of putting command lines, then you can use TCPView. This tool shows the same details but in GUI mode. It is a very small tool and you can download it from here.

Let's open and see how the application works.

Here the program showing all the running applications, their IPs, ports, protocols and also how much data packets sending and receiving. If find a process suspicious and sending data packets to an unknown port, just right click on the process and click on "End process" and you can also check the application's property to know where it is saved.

Signs you have Virus installed in your system:

If you have a really good PC but it takes too much time to open a simple application, then your system might have a virus running in the background. The most common symptoms are-

1. Your browsers behave suspiciously. When you open a website, it redirects to other websites and many popups appear. Also, change of your default search bar.

3. You see unknown processes in the task manager whether if you are not using these processes which are completely unknown.

4. Uninstalling or deleting simple program or file isn't working.

5. Your IP address blocked by the websites you visit daily without any reason.

These are the basic symptoms we see whenever virus enters our system. To protect our systems, we must update our OS and AV software regularly.

Conclusion:

These applications are so useful to check up our systems for virus and to remove them. These days the internet is full of viruses and it is not easy to survive for normal without caution.

We should take these tools in use whenever we notice suspicious activity in our systems. We can check up our systems on a daily basis without the help of experts. That's the best thing.

If you liked the tutorial, let me know and if you have any confusion or problem regarding these tools, feel free to explain it in the comment box. Stay safe and have a joyful hacking journey.Authored by: Manas Lahon